SSH client setup

see sshd for the server


Generate your workstation key pair

ssh-keygen -t ed25519
cat ~/.ssh/

and copy/paste it to the servers you need to maintain (~/.ssh/authorized_keys)

cat ~/.ssh/id_*.pub

Optionally, store the fingerprint of your public key (MD5 used at GitHub),

ssh-keygen -lf ~/.ssh/ > ~/.ssh/
ssh-keygen -E md5 -lf ~/.ssh/ > ~/.ssh/

Also provide the PPK format for e.g. FileZilla. Unless you are willing to compile the dev version, you will have to use RSA or DSA (-t rsa, dsa, rsa1),

sudo apt install putty-tools
puttygen ~/.ssh/id_ed25519 -o ~/.ssh/id_ed25519.ppk

fix the permissions,

chmod 700 ~/.ssh/
chmod 600 ~/.ssh/authorized_keys
chmod 600 ~/.ssh/known_hosts
chmod 400 ~/.ssh/id_*
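
A way to verify the result of the chmod commands above, as an added example that is not part of the original notes. The function names are hypothetical; the expected modes (700, 600, 400) are the ones set above.

```shell
#!/bin/sh
# Added example (not from the original notes): audit an SSH client directory
# against the modes set by the chmod commands above.
# Usage: audit_ssh_dir ~/.ssh

# mode_of PATH: print the octal permission bits of PATH.
# GNU stat is tried first; the BSD/macOS form is a fallback.
mode_of() {
    stat -L -c '%a' "$1" 2>/dev/null || stat -L -f '%Lp' "$1"
}

# too_loose ACTUAL WANTED: succeed if ACTUAL grants any permission bit
# that WANTED does not (e.g. 644 vs 400: owner write, group/other read).
too_loose() {
    [ $(( 0$1 & ~0$2 & 0777 )) -ne 0 ]
}

# check_mode PATH WANTED: report PATH if it exists and is looser than WANTED.
check_mode() {
    [ -e "$1" ] || return 0
    actual=$(mode_of "$1")
    if too_loose "$actual" "$2"; then
        echo "BAD $actual $1 (want $2 or stricter)"
        return 1
    fi
}

# audit_ssh_dir [DIR]: print one BAD line per finding, return 1 if any.
audit_ssh_dir() {
    dir=${1:-$HOME/.ssh}
    rc=0
    check_mode "$dir" 700 || rc=1
    check_mode "$dir/authorized_keys" 600 || rc=1
    check_mode "$dir/known_hosts" 600 || rc=1
    # id_* matches the .pub files too, exactly like the chmod 400 above
    for key in "$dir"/id_*; do
        check_mode "$key" 400 || rc=1
    done
    return "$rc"
}
```

A freshly generated private key (mode 600) is reported until the chmod 400 above has been applied.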


Make it easier to deal with known hosts (don’t hash them out), show the host public key in visual form so you get used to it, and speed up SSH logon by disabling GSSAPI

mv -i /etc/ssh/ssh_config /etc/ssh/ssh_config.dist
grep -vE '^#|^$' /etc/ssh/ssh_config.dist > /etc/ssh/ssh_config
vi /etc/ssh/ssh_config

Host *
    HashKnownHosts no
    GSSAPIAuthentication no
    VisualHostKey yes

One-shot agent

as user

/usr/bin/ssh-agent | sed 's/^echo/#echo/' > $HOME/.ssh/environment
chmod 600 $HOME/.ssh/environment
source $HOME/.ssh/environment

pgrep -a ssh-agent

Automated agent

as user

vi ~/.profile


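    SSH_ENV="$HOME/.ssh/environment"

    # POSIX function syntax, since ~/.profile may be read by sh rather than bash
    start_agent() {
         echo "Initialising new SSH agent..."
         /usr/bin/ssh-agent | sed 's/^echo/#echo/' > "${SSH_ENV}"
         echo succeeded
         chmod 600 "${SSH_ENV}"
         . "${SSH_ENV}" > /dev/null
    }

    # Source SSH settings, if applicable

    if [ -f "${SSH_ENV}" ]; then
         . "${SSH_ENV}" > /dev/null
         # ps ${SSH_AGENT_PID} doesn't work under cygwin
         # start a new agent if the recorded one is no longer running
         ps -ef | grep "${SSH_AGENT_PID}" | grep 'ssh-agent$' > /dev/null || {
              start_agent
         }
    else
         start_agent
    fi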

Check SSH fingerprint –> see at the bottom

Using ssh-agent with ssh

An Illustrated Guide to SSH Agent Forwarding